[Putty Fatal Error: "Server sent disconnect message type 2 (protocol error): "Too many authentication failures] While connecting to vCenter via SSH
search cancel

[Putty Fatal Error: "Server sent disconnect message type 2 (protocol error): "Too many authentication failures] While connecting to vCenter via SSH

book

Article ID: 381256

calendar_today

Updated On:

Products

VMware vCenter Server

Issue/Introduction

  • Error like the following below are seen which indicates an issue with the SSH logins to the vCenter server:

/var/log/vmware/messages:
YYYY-MM-DDTHH:MM:SS [Server FQDN] sshd[18354] rexec line 134: Deprecated option UsePrivilegeSeparation
YYYY-MM-DDTHH:MM:SS [Server FQDN] sshd[18354] rexec line 135: Deprecated option RhostsRSAAuthentication
YYYY-MM-DDTHH:MM:SS [Server FQDN] sshd[18354] FIPS mode initialized
YYYY-MM-DDTHH:MM:SS [Server FQDN] sshd[18354] reprocess config line 135: Deprecated option RhostsRSAAuthentication
YYYY-MM-DDTHH:MM:SS [Server FQDN] sshd[18354] User root from X.X.X.X not allowed because none of user's groups are listed in AllowGroups <------ Primary error
YYYY-MM-DDTHH:MM:SS [Server FQDN] sshd[18354] pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.240.244.187  user=root
YYYY-MM-DDTHH:MM:SS [Server FQDN] sshd[18354] Failed password for invalid user root from x.x.x.x port 57329 ssh2

  • No other user or jump is able to access the vCenter as well. 
  • SSH is enabled.
  • Rebooting does not resolve the issue.
  • Root password reset via GRUB does not address the problem as well. 

 

Note: The preceding log excerpts are only examples. Date, time, and environmental variables may vary depending on your environment.

Environment

VMware vCenter Server 7.0.x

Cause

  • In vCenter, the sshd_config file contained the following parameter:

 

  • The AllowGroups parameter in the sshd_config file is a configuration directive that restricts SSH access to users who are members of the wheel group. This means that only users who belong to the wheel group are allowed to authenticate and connect to the system via SSH.
  • wheel is typically a special administrative group in many UNIX-like systems, including Linux and macOS, that is often used to grant users the ability to perform administrative tasks (e.g., sudo access). The wheel group is commonly used to restrict certain administrative commands or provide privileged access.

Resolution

  • Determined that SSH access was blocked due to `AllowGroups wheel` in `/etc/ssh/sshd_config` following the error logged in messages file.
  • Created a backup of the original `sshd_config` file:
    • cp sshd_config sshd_config.bak
  • Took a non-memory, non-quiesced snapshot of the vCenter system.
  • Opened `/etc/ssh/sshd_config` with `vi` editor and commented out the `AllowGroups wheel` line.
  • Saved the modified `sshd_config` file.
    • Press ESC
    • Type :wq! and hit Enter
  • Restarted the SSH service to apply the changes.
  • Verified that SSH access was restored and successfully logged in and revoked if the parameter `AllowGroups` wheel is removed from the comment.
  • Monitored the system to ensure normal operation after the update.

Additional Information

If in any case the above solution does not work, then add the root user in the Allow Groups

For Example: 

 AllowGroups wheel root

 

Powered by Wolken Software